Hi there,
I'm working on an Alfresco CAS LDAP installation. Most things are up and running but I still have some questions. My idea is to have one single CAS server for SSO for Liferay and multiple Alfresco servers for different customers. The CAS server (with ApacheDS) is configured to search the whole directory (DC=ALL, DC=Customers); the Alfresco servers' LDAP authentication and synchronisation is configured with this search base:
ldap.authentication.userNameFormat=cn=%s,ou=customer1people,ou=custumer1groups,dc=all,dc=customers.
Now I have the following problem:
Every user who has a valid CAS login (all users from ou=customer1, ou=customer2…) is allowed to log in to the Alfresco web client on server customer1, even though he is definitely not in the list of users which is imported via LDAP (I checked the XML files with the LDAP import data).
There is one difference between the users who are imported from LDAP and those who can only log in through CAS: WebDAV login is only permitted for the LDAP-authenticated users, which makes me sure that the LDAP settings for Alfresco are correct.
Is there any chance to allow only the members of ou=customer1people,ou=custumer1groups to log in to Alfresco on server customer1, even if CAS accepts all members of my directory?
Another question: is it possible to authenticate against multiple OUs, like ou=customer1 and ou=support for server customer1, ou=customer2 and ou=support for server customer2, and so on?
I hope some of you will understand what I tried to explain and may have a solution for this setup.
Thanks in advance
Arne Kaiser
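A CAS ticket only proves who the user is; which subtree of the directory that user may come from is an authorization decision the application side still has to make. The following is an added example, not code from the post or from Alfresco or CAS: a Python check that resolves the CAS-asserted name across the whole directory (the scope CAS searches) and admits it only if its DN lies under the OUs the server is meant to serve. The directory entries, the ou=support subtree and the per-server base list are constructed; the customer1 base follows the search base given in the post.

```python
import re

# Constructed directory snapshot (example data, not the poster's real entries).
# Keys are DNs; the CAS server, searching dc=all,dc=customers, finds all of them.
DIRECTORY = {
    "cn=alice,ou=customer1people,ou=custumer1groups,dc=all,dc=customers": {},
    "cn=bob,ou=customer2people,ou=custumer2groups,dc=all,dc=customers": {},
    "cn=carol,ou=support,dc=all,dc=customers": {},
}

# Subtrees the customer1 Alfresco server may serve (own people plus support).
CUSTOMER1_BASES = [
    "ou=customer1people,ou=custumer1groups,dc=all,dc=customers",
    "ou=support,dc=all,dc=customers",
]

def parse_dn(dn):
    """Split a DN into [(type, value), ...], honouring backslash-escaped commas
    and normalising case and whitespace so 'OU=Support' equals 'ou=support'."""
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.strip().partition("=")
        parts.append((attr.strip().lower(), value.strip().lower()))
    return parts

def dn_in_base(dn, base):
    """True if dn sits under base: base must be a suffix of the RDN list, so a
    DN that merely contains the base somewhere in the middle does not match."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def find_user_dns(principal, directory=DIRECTORY):
    """All entries whose cn equals the CAS-asserted principal, searched across
    the whole directory; the same cn under two OUs yields two hits."""
    wanted = ("cn", principal.strip().lower())
    return [dn for dn in directory if parse_dn(dn)[0] == wanted]

def authorize(principal, allowed_bases, directory=DIRECTORY):
    """Authorization gate after SSO: admit the identity only if it resolves to
    exactly one entry and that entry lies under one of this server's bases.
    Ambiguous names (same cn in two OUs) are refused rather than guessed."""
    matches = find_user_dns(principal, directory)
    if len(matches) != 1:
        return False
    return any(dn_in_base(matches[0], base) for base in allowed_bases)

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, "->", "allowed" if authorize(user, CUSTOMER1_BASES) else "denied")
```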